fault tree analsyis for piper alpha disaster

16
1 1. Brief Description of the Piper Alpha Accident The Piper Alpha accident, a major offshore disaster which turned around safety regulations in the oil/gas sector in the United Kingdom thus giving birth to the “Offshore Installation (Safety Case) Regulation 1992 and the transfer of offshore safety from the Department of Energy to the United Kingdom Health and Safety Executive, occurred on the 6 th July 1998 in block 15/17; a facility which comprised of module A, B, C and D and was run by Occidental Petroleum (Caledonia) Ltd in the North Sea (Drysdale and Slyvester- Evans 1998, Sam 2012). The accident occurred due to process disruption by production under high pressure, removal of pump A for maintenance, removal of PSV 504 for recertification and set of miscommunication which resulted to release of condensate via leakage from a flange causing series of explosions firstly in module C and through module B. These series of explosions led to the rupture of a gas line, tanks and other structures leading to huge fire invading the gas riser of different platforms connected to the Piper Alpha thus resulted to an uncontrollable fire beneath the platform which burnt across module B and C and even to more important areas of the platform due to the design structure of the upper-side of the platform. This resulted to total damage in the initial phase of the disaster to the control room and the radio room (Pate-Cornell 1993, Sam 2012, Pranav 2013). However, as a result of these series of explosions and other events, tremendous damage which was facilitated by structural failures led to the total loss of the Piper Alpha platform in such that only module A was standing at the end of this disaster. Furthermore, 165 personnel who worked in the platform and 2 rescue workers were killed, and a monetary loss of over $3 billion was estimated (Pate-Cornell 1993, Pranav 2013). 2. Identification, description of hazards and how they cause failure in accident. The Piper Alpha accident occurred due to combination of various hazards that contributed it’s quota thus leading to the accident which happens to be one of the biggest accidents in the oil and gas sector. More so, there is the probability that the extent of loss encountered in this accident would have been minimised whereas efforts had been made to checkmate some of these hazards (Drysdale and Slyvester-Evans 1998). In this section, effort will be made to identify each of these hazards and their relationship with the accident. 1) Condensate leakage from hand tighened flange at site of PSV 504. The leakage of condensate is the product of series of events. These events includes the isolation of pump A, isolation of relif valve A (PSV-504), removal of permit to work of relieve valve A by day shift personnel, lack of update on removal of relieve valve A to night shift personnel and inability of night shift personnel to simply reconnect back power supply to pump A prior to restarting of pump A because these night shift personnel had knowledge that a permit to work had been issued for pump A for maintenance for two weeks and that pupm A has been electrically isolated. These several lapses contributed hugely to the failure in Piper Alpha. This is so because, the ignition which caused the first explosion originated from the point of condesate leakage which occurred when the night shift personnel restarted pump A after several attempt of restarting pump B after it had tripped. The release of condensate from the hand tightened flange on PSV-504 produced a flammable mixture as the condensate gathered in module C where it reacted with an ignition source thus leading to the first explosion. Therefore, this initiated the entire event (Chevron Corporation 2013, Brian 2001). 2) The non-visibility of the digital control system (DCS). The digital control system is a vital equipment in process control and cordincation of all production processes. The visibility of the display screen is extremely important because it aids in the quick identification of any deviation in the production process, but in the cae of the Piper Alpha platform, the display screen which served as the monitoring boards were obviously not visible. This contributed to failure in the case of the Piper Alpha because it led to a situations where the personnel was unable to trace the origin of a warning alarm from the DCS in order for the personnel to initiate the right mitigation in retifying the process disturbance so as to shutting down the alarm, thus preventing any escalation which could lead to any form of faiure event. The inability to trace the origin of the first alarm contributed immersely to the disaster in Piper Alpha (Pate-Cornell 1993, Brian 2001).

Upload: ahiamadu-jackson-samuel

Post on 31-Dec-2015

1.323 views

Category:

Documents


63 download

DESCRIPTION

This work is about the Piper Alpha disaster, it covers areas such as a short description, hazards, lessons, fault tree analysis etc

TRANSCRIPT

Page 1: Fault Tree Analsyis for Piper Alpha Disaster

1

1. Brief Description of the Piper Alpha Accident

The Piper Alpha accident, a major offshore disaster which turned around safety regulations in the oil/gas

sector in the United Kingdom thus giving birth to the “Offshore Installation (Safety Case) Regulation 1992

and the transfer of offshore safety from the Department of Energy to the United Kingdom Health and

Safety Executive, occurred on the 6th

July 1998 in block 15/17; a facility which comprised of module A, B,

C and D and was run by Occidental Petroleum (Caledonia) Ltd in the North Sea (Drysdale and Slyvester-

Evans 1998, Sam 2012).

The accident occurred due to process disruption by production under high pressure, removal of pump A

for maintenance, removal of PSV 504 for recertification and set of miscommunication which resulted to

release of condensate via leakage from a flange causing series of explosions firstly in module C and

through module B. These series of explosions led to the rupture of a gas line, tanks and other structures

leading to huge fire invading the gas riser of different platforms connected to the Piper Alpha thus resulted

to an uncontrollable fire beneath the platform which burnt across module B and C and even to more

important areas of the platform due to the design structure of the upper-side of the platform. This resulted

to total damage in the initial phase of the disaster to the control room and the radio room (Pate-Cornell

1993, Sam 2012, Pranav 2013).

However, as a result of these series of explosions and other events, tremendous damage which was

facilitated by structural failures led to the total loss of the Piper Alpha platform in such that only module A

was standing at the end of this disaster. Furthermore, 165 personnel who worked in the platform and 2

rescue workers were killed, and a monetary loss of over $3 billion was estimated (Pate-Cornell 1993,

Pranav 2013).

2. Identification, description of hazards and how they cause failure in accident.

The Piper Alpha accident occurred due to combination of various hazards that contributed it’s quota thus

leading to the accident which happens to be one of the biggest accidents in the oil and gas sector. More so,

there is the probability that the extent of loss encountered in this accident would have been minimised

whereas efforts had been made to checkmate some of these hazards (Drysdale and Slyvester-Evans 1998).

In this section, effort will be made to identify each of these hazards and their relationship with the accident.

1) Condensate leakage from hand tighened flange at site of PSV 504.

The leakage of condensate is the product of series of events. These events includes the isolation of

pump A, isolation of relif valve A (PSV-504), removal of permit to work of relieve valve A by day

shift personnel, lack of update on removal of relieve valve A to night shift personnel and inability of

night shift personnel to simply reconnect back power supply to pump A prior to restarting of pump A

because these night shift personnel had knowledge that a permit to work had been issued for pump A

for maintenance for two weeks and that pupm A has been electrically isolated. These several lapses

contributed hugely to the failure in Piper Alpha. This is so because, the ignition which caused the first

explosion originated from the point of condesate leakage which occurred when the night shift

personnel restarted pump A after several attempt of restarting pump B after it had tripped. The release

of condensate from the hand tightened flange on PSV-504 produced a flammable mixture as the

condensate gathered in module C where it reacted with an ignition source thus leading to the first

explosion. Therefore, this initiated the entire event (Chevron Corporation 2013, Brian 2001).

2) The non-visibility of the digital control system (DCS).

The digital control system is a vital equipment in process control and cordincation of all production

processes. The visibility of the display screen is extremely important because it aids in the quick

identification of any deviation in the production process, but in the cae of the Piper Alpha platform, the

display screen which served as the monitoring boards were obviously not visible. This contributed to

failure in the case of the Piper Alpha because it led to a situations where the personnel was unable to

trace the origin of a warning alarm from the DCS in order for the personnel to initiate the right

mitigation in retifying the process disturbance so as to shutting down the alarm, thus preventing any

escalation which could lead to any form of faiure event. The inability to trace the origin of the first

alarm contributed immersely to the disaster in Piper Alpha (Pate-Cornell 1993, Brian 2001).

Page 2: Fault Tree Analsyis for Piper Alpha Disaster

2

3) Failure of permit to work system

The permit to work is a vital system in industries because it helps to keep in view works which are

ongoing onsite and helps to relate each of these work where necessary. In Piper Alpha, the system of

permit to work was poor. This is because, there was no reference of the the 24 months ongoing

maintenance work on pump A and the recertification work of PSV 504 by the night shift personnel.

More so, after the end of the day shift, the return of the permit to work which had been assigned to

PSV 504 did not follow the laid down rules thus breaching thee permit to work system. Besides, the

permit to work for pump A and PSV 504 did not make reference to each other. Therefore, upon failure

of pump B, the night shift personnel decided to start pump A which would not have happened if the

personnel has seen the permit to work of PSV 504 or even been aware of it removal for recertification.

This to a great extent caused failure in Piper Alpha (David 2013, Oil and Gas n.d.). Moreover, the

failure of the permit to work system as regards disaster was not formally in the procedures but was

rather in the practical applications (M 1991, Brian 2001).

4) Operation of the fire fighting system

Fire fighting system is a very vital system which has to be highly effective and always functional in

any offshore facility especially one like the Piper Alpha. The reason been that, unlike onshore facilities

where emergency services whenever needed arrives within minutes, offshore facilities need to handle

any form of emergency on the facility using the available and installed equipments on board with crew

members while waiting for arrival of emergency services. Besides, the platform had a fire fighting ship

which could pump water onto it, but had minute effect to curtail the disaster and there was a deluge

system which happened to be the main fire fighting equipment which sprayed certain amount of water

across equipment areas that contained hydrocarbons (Pate-Cornell 1993, Brian 2001).

Furthermore, the deluge system was supplied sea water by sets of electrical pumps which were

rendered inactive at the onset of the first explosion which damaged the mai unit responsible for power

supply. Athough, the risk of the electrically powered pumps been non-functional had been analysed

with backup automatic diesel pumps provided to mitigate this risk. However, these diesel pumps were

on manual operation mode on the night of the disaster, so they could not start automatically to pump

water to the deluge system which could have curtailed the pump (Pate-Cornell 1993, Brian 2001).

Moreover, the probability of the deluge system been efficient in curtailing this disaster had the

automatic diesel kick started was unlikely. This is because part of the system had probably been

damaged by the first explosion. Also, the entire heads of system had been blocked due to corrosion of

the pipe by sea water and the disposition of corroded particles on the spray heads. Several attempts has

been made to solve this problem but to no avail, so a decision to replace the pipes was reached but had

not been totally replaced when the incident happened. Therefore, the lack of a properly functional

deluge system contributed immersely to the failure. Besides, if it had been functional, the extent of loss

would have been curtailed by the spray of high pressure water on the platform (Leal-Valias n.d., Pate-

Cornell 1993, Brian 2001).

5) Low level of safety training

The low level of training in Piper Alpha contributed to the failure event. This is because personnel

were supposed to be trained but often times this trainings are waived once personnel admits to have

work offshore in the past. This practice by management helped to bring to the barest minimum the

safety culture amongst personnel thus leading to a situation where the right procedure of carrying out

production tasks were often neglected. This was evident in the personnel response of not been able to

work over time when they knew that PSV 504 was an important valve in the facility that should be

fixed in the shortest time possible since there is always the possibility of a breakdown of the other

functional pump. More so, this neglience due to low safety training is also seen in the aspect of

supervisors who failed to take actions like caution personnel or even report personnel negligent to

safety to management. More so, this is evident in the the flange on the PSV 504, was only hand

tightened without by personnel who did not deem it necessary to perform a leak test after tightening the

flange. More so, the low level of safety training was evident because personnel failed to understand the

need to properly communicate all ongoing work during shift change over and also failed to access the

link between every on-going job on site in Piper Alpha (Chevron Corporation 2013, Brian 2001, Leal-

Valias n.d., Pate-Cornell 1993, Sam 2012). The low level of safety training thus contributed hugely to

Page 3: Fault Tree Analsyis for Piper Alpha Disaster

3

the event of Piper Alpha because of the negligence exhibited by personnel because no appropriate safet

training was provided

6) Lack of blast walls installed between modules

The importance of blast walls in an oil rig cannot be undermined. This is because it help to a greater

extent in preventing fatalities in the case of any failure event which ivolves explosion or even fire

outbreak in the facility. In Piper Alpha the firewalls were made up of bolted lattice-work construction.

These fire walls were not designed to withstand explosion so when the first and second explosions

occurred, B/C and C/D firewalls were all blow off causing tremendous increase in damage. More so,

the damage of the firewalls also affected the destruction of the control. Hence, if there had been blast

wall that could withstand the first and second explosion, the degree of damage and loss of life in Piper

Alpha would have been minimal. Moreover, a risk assessement conducted earlier had suggest the

subsequent installation of blast walls when it considered the effect of failure of a high pressure gas

pipeline. This recommendation was once again neglected by management thus on the eventual failure

of a high pressue gas pipeline, devasting event as seen in the loss of Piper Alpha was the result of

management negligence (Chevron Corporation 2013, Pate-Cornell 1993, Brian 2001, Mohamad 2013).

7) Siting of extraction equipments in close proximity tothe control room

The building of process equipments near the control to great extent contributed massively to the event

of Piper Alpha which happens to be the “ location where all production activities are monitored,

controlled, coordinated and information sent out to personnel as regards production status and

conditions on site constantly”. But, the initial explosion totally destroyed the control room and killed

personnel who had mad efforts to intiate mitigation through the DCS. Therefore, the nearness of the

control room to production facilities was totally a hazard in waiting (Leal-Valias n.d., Pate-Cornell

1993, Brian 2001).

8) Lack of communication amongst personnel

The issue of communication is very relevant in the offshore facilities. In Piper Alpha, communication

was tolled with amongst personnel. For example, the day shift personnel failed to inform the night shift

personnel about the status of PSV 504, the supretendient failed to ask the technicians about the status

of PSV 504 at the end of day shift. This situations clearly shows that the lack of communication is a

hazard which contributed to the accident (Pate-Cornell 1993).

9) Management lapses

Management failed to perform trainings for newly recruited personnel, it also operated a situation of

promotion whereby unqualified personnel are assigned task which they have no capacity to perform.

More so, the number of crew members on board the Piper Alpha were not enough, this entails that

management failed to employ as many as needed personnel in the operation of the platform. Thus,

giving room to a situation where a personnel need to perform tasks such personnel never had a prior

knowledge on. More so, the head of the deluge system which had been recommendation for change due

to corrosion effects even after several years was not totally changed. More so, the failure of

management to immediately switch the diesel fire pump back to automatic mode even after 24 hours

that divers had stopped work in the waters close to the platform. Therefore, management lapses is

hazard that caused the accident (Chevron Corporation 2013, Leal-Valias n.d., Pate-Cornell 1993, Brian

2001). More so, the methanol system which helps prevent hydrate formation on pipeline in the facility

had problems and was neglected by management. Therefore causing pump B to trip as hydrate had

accummulated in the line (Mohamad 2013). All these are management lapses which if had been

properly controlled, maybe the incident of Piper Alpha would have been prevented.

10) Installation of the gas conservation module close to the utility module

The gas conservation module in the platform was too near to the utility module. This contributed

tremendously to the disaster because it the gas conservation module provided fuel for massive fire thus

leading to several explosion that resulted to the ruputring of several facilities on the Piper Alpha. More

so, it was the main source of the smoke that prevented emergency workers from accessing the platform

and also assisted in the formation of the jet fire after the rupturing of the Tartan riser, Claymore riser

and MCP01 riser (Leal-Valias n.d., Pate-Cornell 1993, Brian 2001).

Page 4: Fault Tree Analsyis for Piper Alpha Disaster

4

11) The restructure of the platform

Piper Alpha was initially an oil rig but was modified later on into a gas production facility. The

conversion of the facility to oil and gas facility posed as huge hazard because the change was not

managed effectively and efficiently. More so, this change implied that both oil and gas pipelines will

be in close proximity thus no inherent safety practice was put in place to curtail any issues which might

arise. (Mohamad 2013)

3. Fault-tree analysis.

The use of fault tree to analyze the Piper Alpha disaster is relevant.The reason been that it helps to

explicitly provide the relationships that exist between the series of events that led to the disaster. More so,

it provides for an opportunity to fully qunatify the events. In the construction of the fault tree for Alpha

various events is considered and linked together to show their role in the accident. Furthermore, the use of

fault tree will provide an opportunity to prioritize the events thus showing the event which played high

contributory role that led to the event.

Table 1: Description of Keys to Fault Tree

Events Description of event Event Description of event

TE Loss of Piper Alpha due to explosions

and massive fire Failure of deluge system

Rupture of higly pressurized LPG

pipeline Continuous operation of Pump A

Bursting of Claymore riser Process disturbance (production under high

pressure

Rupture of MCP01 riser Removed PSV 504 for recertification

First explosion in Module C that

housees process oil and gas Unable to complete recertication work of

PSV 504 before shift change

Condensate leakage from PSV 504 of

pump A Misplace permit to work of PSV 504

Hand tightened flange on PSV 504 Misplace permit to work of PSV 504

Restart of pump A Permit to work of pump A kept in different

location

Closure of permit to work of pump A Failure of personnel to reconnect power to

pump A

Need to continue production Hydrate formed in pipeline resulting to

tripping of pump B

Rupture of 120 atm Claymore riser Pump A was marked for maintenance

Second Explosion in Module B due to

rupture of 55 tonne oil tank Permit to work of pump A was with no

reference to PSV 504

Light weitgh condensate pipeline

rupture Failure of Tharos fire equipment

Loss of C/D firewalls Jet fire from broken riser

Loss of Control Room Huge leakage of crude oil in Module C

which gathered on the grates

Loss of main power supply Failure of B/C firewall

Failure of emergency shutdown system Spread of fire across Module C

Failure of gas detector Continued supply of oil and gas from

Claymore and Tartan platform

Page 5: Fault Tree Analsyis for Piper Alpha Disaster

5

Figure 1: Hand Drawn Fault Tree of Piper Alpha Disaster

Page 6: Fault Tree Analsyis for Piper Alpha Disaster

6

4. Explanation of logic leading to accident using Boolean Logic

The Boolean loogic is used to explain th logic behind this event considering the fault tree from top

to down

The destruction of Piper Alpha was the result of combination of either of

three (3) intermediate events that were aftermaths of series of intermediate and basic events. The

combination of these events, which includes, the “rupture of highly pressurized LPG pipeline ”

“bursting of Claymore riser ” “rupture of The

. Besides, either of these failures led to the loss of Piper

Alpha platform which slipped into the North Sea at the end of the sequence of events albeit Module

A which survived the disaster. More so, out of the 226 personnel onboard the Piper Alpha, 165

personnel lost their lives and 2 other persons from the rescue team were killed.

However, “rupture of the highly pressurized LPG pipeline caused by the “loss of C/D

firewall “loss of Control Room “loss of main power supply

“failure of emergency shutdown system failure of gas detectors “failure of

deluge system “first explosion in Module C which houses processed oil and gas

combine to initiate the onset of the devastating intermediate event. However the occurrence of

intermediate event triggered the onset of series of basic events , which

simultaneously combined, resulting into applicable because these

events uniquely combined with each contributing its quota.

Furthermore, the “rupture of the claymore riser ” occurred due to, “failure of Tharos fire

equipment ” “jet fire from the broken riser ” “the rupture of the Tartan

riser ”. The Tharos firefighting equipment been an equipment put in place for mitigation of any

fire incident on the Piper Alpha platform began to melt at the inception of the first explosion and

massive fire thus resulting into a situation where the equipment was unable to perform its duties,

thus allowing the formation of huge jet fire, hence contributing to the rupture of the Claymore riser

due to formation.

Moreover, “the rupture of the Tartan riser ” which helped transport oil and gas in the Piper

Alpha for onward onshore transportation for processing resulted from “the huge leakage of crude oil in

module C which gathered on the grates which had been kept on the platform by divers

“failure of B/C firewall ”, an aftermath of the first explosion, “second explosion on

module B due to the rupturing of 55 tonnes oil tank ” “spread of fire module C ”. The

rupture of the Tartan riser supplied fuel to the fire which was already burning in the Piper Alpha.

In addition, “the second explosion ” which occurred in the Piper Alpha was the effect of the “light

weight condensate pipeline rupturing ” “the continued supply of oil and gas from

Claymore and Tartan platform ”. On the onset of the accident, the two platform that

transported oil and gas to Piper Alpha for onward transportation to onshore facility continued this

cycle of fluid transportation, thus providing more fuel for the already massive fire that have

developed in the platform. .

Also, the“light weight condensate pipeline ruptures ” happened bcause of “the leakage of

condensate from the PSV 504 of pump A ” “continual operation of pump A ”

“process disturbance as a result of production been performed under high pressure ”.

Furthermore, “rupture of ” resulted from the, “failure of Tharos fire

equipment ” “jet fire from the broken riser ” “the rupture of the Tartan

riser ”. . The rupturing of the , resulted into

the release of gas into the atmosphere thus resulting into the formation of huge flames.

Also, “first explosion in Module C ” occurred due to the an intermediate event and two basic

events, “the leakage of condensate from the PSV 504 of pump A ” “continual operation of

Page 7: Fault Tree Analsyis for Piper Alpha Disaster

7

pump A ” “process disturbance as a result of production been performed under high

pressure ”

In addition, “condensate leakage from PSV 504 of pump A ” resulted from the “hand tightened flange

on PSV 504 ” “the restart of pump A which was due for maintenance by night shift

personnel ”.

Moreover, the “hand tightened flange on PSV 504 ” was done by personnel who have earlier “Removed

PSV 504 for recertification work ” was “unable to complete the recertification before shift

change ” “misplaced the permit to work of PSV 504 )”.

Also, the “restart of pump A ” is the onset for the disaster in Piper Alpha. The combined nature

of the “misplaced the permit to work of PSV 504 )” the fact the “permit to work of pump

A was kept in different location ” the fact that the “permit to work of A was closed as a

result of miscommunication and misconception ” . The restart

of pump A after several attempt to restart pump B.

Furthermore, the “permit to work of A was closed as a result of miscommunication and

misconception ” was as a result of the intermediate event, that is “need to continue

production a basic event which “failure of personnel to reconnect power to pump

A which had earlier been isolated. The permit to work of pump A was closed because it

started that the work for which the permit to work was open will be started on the 7th

July,

1988. ” .

Besides, the “need to continue production resulted from the production situation that arouse when

“hydrate formed in production pipeline resulting to tripping pump B t as “pump A was

marked for maintenance the “permit to work of pump A was with no reference to PSV

504

Moreover, the intermediate event are connected to intermediate event to through

intermediate event the . This implies that the various events that occurred from intermediate

event to contributed to the occurrence of intermediate event as shown on the fault

tree.

Therefore, it is the “rupture of highly pressurized LPG pipeline ” “bursting of Claymore

riser ” “rupturing of combined with the various intermediate and basic

events.

5. Actions to prevent future failure

In regards to the Piper Alpha disaster, there are several actions which could be taken to prevent the

reoccurrence of such disaster in the future. These actions include

1) Ensuring to put in place a proper auditing and monitoring system

A proper auditing and monitoring system is a relevant step which must be taken to ensure that

future failure does not occur. The reason why this is necessary is because, this ought to be one of

the key areas of the safety management system of any organisation that really want to prevent to the

lowest minimum the occurrence of failure event which could put workers safety and the

environment at a loss. In the case of Piper Alpha, it is evident that there was safety audit and

monitoring but it was not of right standard and quality as many of the deficiencies could have been

picked up it the auditing and monitoring was of standard. Therefore, it is reason to perform a

standard and proper auditing./monitoring so as to ensure that no casaultive agent of event failure is

left unidentified. More so, the need for a proper auditing and monitoring system is to ensure that

the right mitigation and actions are put in place in to avert failure.

2) Ensure proper safety training for all personnel including contractors and sub-contractors.

There is need for proper training to be regularly conducted for all personnel. The reasons to

perform such training is to ensure that personnel are always aware of the need to be safety

conscious while carrying out their jobs. In addition, all new recruits should be exposed to training

such as fire training, emergency response training before ever resuming work. This will to a great

Page 8: Fault Tree Analsyis for Piper Alpha Disaster

8

extent alight the new recruit of the importance of always been safety reliant while performing their

jobs.

3) Provision of temporary safe shelter

In the case of Piper Alpha, most fatalities occurred as a result of suffocation from inhalation of

smoke. Therefore, it is necessary for operators to always provide a temporary safe shelter where all

onboard personnel outside the accommodation platforms can always take refuge during emergency

with proper instruction followed while doing so prior to evacuation. This temporary safe shelter

could be in the accommodation or production platform and constant safety drills should be

performed to always keep personnels alert on how to evacuate to the temporary safe shelter when

necessary. More so, there should be total protection against the enterance of smoke or fumes of any

form into the temporary shelter and provision should be made in the design to ensure that

ventilation dampers of such shelter do not shoot on high temperature as was the case of the

accommodation block in Piper Alpha.

4) Strong safety culture should be inculcated

There is need to inculcate a strong safety culture at all levels to prevent a repitition of the Piper

Alpha disaster. In Piper Alpha the safety culture was poor thus giving room to situation of “I do not

care attitude”. This is evident in the ways the facility was been handled, personnel with low

qualification promoted to occupy key positions by management, inability to adhere to

recommendations for change of head of deluge system, unwillingness to perform safety training.

Inculcating a strong safety culture will help to prevent future accident failure because, personnel

and management will always perform work practices in ways that controls hazards effectively,

there will be a much more high level of positive attitude in managing risks and compliance to laid

down rules of prodction thus providing personnel and maanagement the opportunity to learn from

failure events and near misses which will help prevent future reoccurrence.

5) High quality safety management should be practiced

High quality safety management is relevant to prevent the reoccurence of the Piper Alpha disaster.

In Piper Alpha, the decision to always switch the diesel fire pumps to manual mode each time

divers were on the water was right but it lacked quality in that it did not put in place a procedure

that will immediately turn on the diesel fire pumps back to automatic mode immediately divers

leave the water. Quality safety management is necessary because it ensures that standards are not

broken thus providing a quality system where lives of personnel and even the equipment are highly

safe. Moreso, quality safety management will help prevent future reoccurence because the right

safety system will be provided to enure high quality safety management. More so, this will reflect

in the safet culture of personnel.

6) Thorough Hazard and Operability Study (HAZOP) should be conducted.

It is essential that a proper HAZOP should be carried out during the design stage of platform to

prevent the future reoccurence of the Piper Alpha disaster. In doing this, the possible hazards will

be identified and mitigation measures rightly put in place to eithere eleminate those hazards or

curtail its tendencies to cause harm.

7) Proper positioning of emergency shutdown valve (ESV)

The position of emergency shutdown valve is essential because it helps prevent the onset of

failures. In Piper Alpha, the ESV was not properly installed along the Claymore, Tartan and

MCOP-01 risers which resulted into the rupturing of these risers. For example, the ESV of the

Tartan raiser was far from were the Tartan riser ruptured. However, if the ESV’s were properly

located close to the sea level, it would have shut down these risers at the onset of the first explosion

thus curtailing the effect of the failure event. Therefor, it is recommended that the ESV be properly

positioned in production faciltie so as to avoid repeatition of the Piper Alpha disaster.

8) A proper permit to work system should be put in place

A proper permit to work system unlike that found in the Piper Alpha will help prevent a disaster of

this magnitude in the future. This is because the permit to work will provide an effective means of

communication between personnel especially during shift handovers. A proper permit to work

Page 9: Fault Tree Analsyis for Piper Alpha Disaster

9

system will be made possible by making the procedure from opening to closing a permit to work as

easy as possible and also providing trainig to personnel on how best to perform work practices with

the work permit. Moreso, the work permit system should include a practice whereby padlocks

should be used to lock isolated units with red flags been placed on them and such isolated units

permit to work been rightly kept in the designated places in the control room.

More so, the following can be done to prevent the reoccurence of future events

The setting up of a system which must be included as part of normal operating management for

the timely resolve of faults in safety critical equipments must be available.

There should an interactive effect system set up to resolve emergencies between linked

operating system.

A proper evacuation and escape system should always be set up.

The installation of a susbsea isolation valve should be provided and installed on a case to case

basis on facilities.

Personnel should only be promoted and assigned duties to key positions only by merit and

prove of having adequate exposure and experience to handle such key positions.

Personnel should be empowered to always stop any workr on site which deviates from the laid

down safety rules and regulations

Mock evacuaton muster should always be conducted to enlighten personnel on the evacuation

routes and safety measures to be applied during evacuation.

6. Quantification of the fault tree and probability of the top event

The quantification of the fault tree analsysis drawn for the Piper Alpha disaster is to determine to what

extent did each of the basic and internediate event contribute to the event failure.

In this process, the Boolean algebra will be used and necessary calculation perfom from the top event.

In addition, all the basic event are denoted as , intermediate events as and the top event as

More so, in qunatifying the fault tree analysis, certain probabilities have been used and justification are

as fellows.

1) Loss of control room: The probability was chosen because the personnel chose to abandon the

control thus failure to act correctly in the first 60 seconds of an extremely high stress condition which

lead to devasting effects (P 2002).

2) Failure of C/D and B/C firewalls: The probability of 0.5 was selected because according the

firewalls of the modules of Piper Alpha were not built to withstand explosion (Pate-Cornell 1993).

Also, because the level of explosion was not properly outlined, it became imperative that a 50:50

situation be applied in selection of the probability. This implied that the explosion could be high

explosion that will destroy the firewalls or a low explosio which will not destroy the firewalls.

3) Failure of Emergency shutdown system: The probability of 0.00055 was selected because of the

potential of multiple fatalities which was present in Piper Alpha and also based on Safety Integrity

Level 3 (SIL 3), (Magnetrol 2009).

4) Incomplete recerticaition of PSV 504, Removal of PSV 504 for recertification and

misplacement of permit to work of PSV 504: The probability of 0.3 is chosen because of the lack of

safety training of personnels in Piper Alpha which led to negligence. Moreover. This probability was

chosen because to a greater extent human error is a contributory factor because these personnel could

have been under general high stress condition due to limited crew members on board. (P 2002)

5) Oil leak and gathered on grates kept: The probaility selected is 0.3904.Here, the probability is

considered to be as a result of two factors, deficient safety training and inefficeint emergency plan. The

grates where oil gathered was kept on the platform by divers. This grates ought to be kept in the store

house but beause there was deficient trainging whose probability is 0.0487 (Yan, et al. 2011) and

inefficient emergency plan with probability of 0.0862. These probability were considered because the

divers could have kept these grates because of either reasons.

However, all other probabilities were obtained from relevant journals.

Page 10: Fault Tree Analsyis for Piper Alpha Disaster

10

Calculations

From the fault tree,

Solving for

Solving for

Solving for

Page 11: Fault Tree Analsyis for Piper Alpha Disaster

11

7. Prioriting of accident contributory factors

In prioritizing the contributory factors that led to accident, the minimal cuts sets are determined for the

fault tree using the Fussell - Vesely Algorithm. Thereafter, calculation are made to prioritize.

Table 2: Cut sets for Fault Tree Using Fussell-VeselyAlgorithm

1 2 3 4 5

T

6 7 8

9 10 11

Table 3: Minimal Cut Sets for Fault Tree

Table 4: Faulty Tree Analysis showing priority of minimal cut set

Considering table 4, it is seen that the cut set that will contribute to the fast occurrence of the event failure

comprises mainly of events which results from flaws in design of the Piper Alpha and negligence of

Minimal Cut Sets

No Q W Events in minimal cut sets

1

0

2

0

3

0

Page 12: Fault Tree Analsyis for Piper Alpha Disaster

12

management. Hence, it is recommened that thorough efforts should be put in in the areas of identification

of hazards and mitigation measures provided during design stage of platforms so as to avoid a repetition of

the Piper Alpha. More so, management need todo the right things so as to avoid a situtaiton whereby

personnel neglect safety measures while performing production tasks on platforms. However, huge funds

are involved in doing this as such it is adviceable that while taking into consideration ways to eliminate

design flaws the measures and funds put into doing this should be proportionate thus the “principle of

ALARP” should be the key while doing this.

Solving for priority of each basic event by replacing each with

Page 13: Fault Tree Analsyis for Piper Alpha Disaster

13

Page 14: Fault Tree Analsyis for Piper Alpha Disaster

14

From the above calculations, it is concluded that three groups of basic events can identified and prioritized

by values when probability of each basic events was taken as 0 and replaced into the cut sets 0

Table 5: Priority of Basic events group according to top event value (TE) value

Basic Events Priority Priority explanation

1 Each of these basic event had equal effect on the

top event, therefore they have high priority to cause

failure

2 Each of these basic event have equal effect on the

top event, therefore, they have low priority to cause

failure

0

3

Each of these basic event have equal effect on the

top event, the have very low effect to cause failure

From table 5, The contributory factors have been grouped into three categories with each group having

same contributory effect on the top event. From the table, it can be concluded that design flaws are the

huge contributors to the failure event. These design flaws are such that could have been eliminated if

inherent design stragegy was thoroughly applied during the design phase of the platform. Thus, adequate

measures which considers safety from the design stage of platfroms should be taken to eliminate the

replicate of the Piper Alpha disaster or any disastrous event in the future. This measures should be those

that include HAZOP, fire and explosion modelling as sregards how both will affect the real-life platform

etc. More so,the principle of “ALARP” need to be the foremost determinant while doing this.

Page 15: Fault Tree Analsyis for Piper Alpha Disaster

15

8. Conclusion

The event of Piper Alpha disaster turned around the oil and gas industry especially in the UK where it

gave birth to new offshore regulations. Moreover, it is always relevant for operators to always ensure

that safety is paramount in whatsoever activities which concerns the drilling, production and operation

of oil and gas facilities. Furthernore, it is recommended that the various actions which has been

carefully outlined in this report be taken into consideration in present and future practice of industries

so as to avoid a reoccurence of event such as the Piper Alpha or any resemblence to it.

More so, government should monitor the promotion and employment of personnel in the oil and gas

industries especially offshore facilities so as to ensure that only competent hands are employed and

trained. However, safety should be more of proactive then reactive as this will safe huge capitals that

are paid as compensation in situations of accidents.

Page 16: Fault Tree Analsyis for Piper Alpha Disaster

16

Reference

Brian, Appleton. "Piper Alpha." In Learning From Accidents, by Kletz Trevor, 196 - 206. Oxford:

Butterworth-Heinemann, 2001.

Chevron Corporation. "Process Safety in Chevron." History and Evolution of Process Safety in Chevron.

2013.

http://sache.org/workshop/2013Faculty/files/AIChE%20August%202013%20DW%20Jones.pdf

(accessed November 08, 2013).

David, C Shallcross. "Using concept maps to assess learning of safety case studies - The Piper Alpha

disaster." Education for Chemical Engineers, 2013: e1-e11.

Drysdale, D D, and R Slyvester-Evans. "The Explosion and Fire on the Piper Alpha Platform, 6 July 1988.

A Case Study." Philosophical Transaction: Methematical, Physical An Engineering Sciences (The

Royal Society) 356, no. 1748 (December 1998): 2929-2951.

Leal-Valias, Marcel. "Managment of Change: Student Handout." n.d. http://dc126.4shared.com/doc/ZW-

AXi6k/preview.html (accessed November 13, 2013).

M, Elisabeth Pate-Cornell. A Post-Mortem Analysis of the Piper Alpha: Technical and Organiztional

Factors. Research, Stanford University, 1991.

Magnetrol. Understanding Safety Integrity Level. Illinois: Magnetrol Internation, 2009.

Mohamad , Najib B Abdul Rahim. Vulnerability Assessment of Blast Walls of Offshore Structure under

Accidental explosion. Dissertation, Ipoh: Universiti Teknologi PETRONAS, 2013.

Oil and Gas. "Piper Alpha: Lessons Learnt, 2008." n.d.

http://www.oilandgasuk.co.uk/cmsfiles/modules/publications/pdfs/HS048.pdf (accessed November

04, 2013).

P, L Clemens. Human Factors and Operator Errors. Report, Jacobs Sverdrup, 2002.

Pate-Cornell, Elisabeth M. "Learning from the Piper Alpha Accident: A Postmortem Analysis of Technical

and Organizational Factors." Risk Analysis 13, no. 2 (1993): 215-232.

Pranav, Jotani. Piper Alpha. Nottingham: Nottingham Trent University, 2013.

Sam, Mannan. "Appendix 19." In Lees' Loss Prevention in the Process Industry, by Manan Sam. Oxford:

Butterworth-Heinemann, 2012.

Yan, Fu Wang, Xie Min, Ming Ng Kien, and Salahuddin Habibullah Mohamed. "Probability analysis of

offshore fire by incorporating human and organisational factor." Ocean Engineering, 2011: 2042 -

2055.